General

Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service.
To ensure that traffic reaching the container instances comes only from an Application Load Balancer (ALB), restrict the inbound rules of the ECS cluster (container instance) security group to the ALB's security group as the source. Do not pin the rule to the ALB's IP addresses: they are allocated from the VPC subnets and change as the ALB scales, so an IP-based rule either breaks or ends up widened to the whole subnet.

Security

Amazon ECS enables you to inject sensitive data into your containers by storing your sensitive data in either AWS Secrets Manager secrets or AWS Systems Manager Parameter Store parameters and then referencing them in your container definition.
This feature is supported by tasks using both the EC2 and Fargate launch types.

Secrets can be exposed to a container in the following ways:
- To inject sensitive data into your containers as environment variables, use the secrets container definition parameter.
- To reference sensitive information in the log configuration of a container, use the secretOptions container definition parameter.

Within your container definition, specify each secret with the name of the environment variable to set in the container and the full ARN of the Secrets Manager secret or Systems Manager Parameter Store parameter that holds the value. A bare name (without the ARN) is accepted only for a secret or parameter in the same Region as the task; one in a different Region must be referenced by its full ARN, and it must belong to the same account.
The task execution role (not the task role) must be allowed to read every referenced ARN, and the values are fetched once, when the task starts, so a rotated secret reaches the container only after a new task is launched.
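The following is an added example, not code from the original notes or from AWS: a container definition that uses both the secrets parameter and logConfiguration.secretOptions, a check that applies the full-ARN and same-account rules stated above, and a helper that derives the least-privilege statements the task execution role needs to read exactly those ARNs. Every account ID, ARN, image and name is a placeholder.

```python
import json
import re

# Placeholder identifiers, assumed for this example.
TASK_ACCOUNT = "123456789012"
DB_PASSWORD_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db/password-a1b2c3"
API_KEY_PARAM_ARN = "arn:aws:ssm:us-east-1:123456789012:parameter/prod/api_key"
HEC_TOKEN_ARN = "arn:aws:secretsmanager:us-west-2:123456789012:secret:prod/splunk/hec-token-d4e5f6"

# Container definition: two secrets become environment variables, a third is used only
# by the log driver (secretOptions), so it never appears in the container's environment.
CONTAINER_DEFINITION = {
    "name": "web",
    "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/web:1.4.2",
    "essential": True,
    "secrets": [
        {"name": "DB_PASSWORD", "valueFrom": DB_PASSWORD_ARN},
        {"name": "API_KEY", "valueFrom": API_KEY_PARAM_ARN},
    ],
    "logConfiguration": {
        "logDriver": "splunk",
        "options": {"splunk-url": "https://splunk.example.com:8088"},
        "secretOptions": [{"name": "splunk-token", "valueFrom": HEC_TOKEN_ARN}],
    },
}

ARN_RE = re.compile(
    r"^arn:aws:(?P<service>secretsmanager|ssm):(?P<region>[a-z0-9-]+):(?P<account>\d{12}):.+$"
)
READ_ACTION = {"secretsmanager": "secretsmanager:GetSecretValue", "ssm": "ssm:GetParameters"}


def secret_references(container_def):
    """Every (name, valueFrom) pair: the `secrets` list plus logConfiguration.secretOptions."""
    refs = list(container_def.get("secrets", []))
    refs += container_def.get("logConfiguration", {}).get("secretOptions", [])
    return [(r["name"], r["valueFrom"]) for r in refs]


def check_references(container_def, task_account=TASK_ACCOUNT):
    """Apply the rules from the note above: require a full ARN (a bare name is valid only
    for a secret in the task's own Region and is rejected here as ambiguous) and require
    the secret to live in the task's account. Returns a list of problems, empty if clean."""
    problems = []
    for name, ref in secret_references(container_def):
        m = ARN_RE.match(ref)
        if m is None:
            problems.append(f"{name}: not a full Secrets Manager / Parameter Store ARN: {ref}")
        elif m["account"] != task_account:
            problems.append(f"{name}: cross-account reference is not permitted: {ref}")
    return problems


def execution_role_statements(container_def):
    """Least-privilege IAM statements for the task execution role (the role ECS uses to
    pull the image and fetch secrets, not the task role): one statement per service,
    scoped to exactly the referenced ARNs. If a customer managed KMS key encrypts a
    secret, kms:Decrypt on that key is needed as well; that is not derived here."""
    by_service = {}
    for _, ref in secret_references(container_def):
        m = ARN_RE.match(ref)
        if m is not None:
            by_service.setdefault(m["service"], set()).add(ref)
    return [
        {"Effect": "Allow", "Action": READ_ACTION[svc], "Resource": sorted(arns)}
        for svc, arns in sorted(by_service.items())
    ]


if __name__ == "__main__":
    print("problems:", check_references(CONTAINER_DEFINITION))
    policy = {"Version": "2012-10-17", "Statement": execution_role_statements(CONTAINER_DEFINITION)}
    print(json.dumps(policy, indent=2))
```

The derived policy is deliberately scoped to the exact ARNs rather than a wildcard such as `secretsmanager:*`, because the execution role is shared by every container in the task definition; anything it can read, any container in the task can read at start-up.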

Events

You can use CloudWatch Events (now part of Amazon EventBridge) to run Amazon ECS tasks when certain AWS events occur.
You can set up a CloudWatch Events rule that runs an Amazon ECS task whenever a file is uploaded to a certain Amazon S3 bucket using the Amazon S3 PUT operation.
You can likewise run a different (for example, smaller) number of tasks whenever a file is deleted from the bucket using the DELETE operation.

First, create a CloudWatch Events rule for the S3 service that watches for object-level operations – PutObject and DeleteObject.
Object-level S3 API calls reach CloudWatch Events only through CloudTrail, so a trail that logs data events for that bucket must exist first; without it the rule never fires.
In the Targets section, select "ECS task" and supply the cluster name, task definition, task count, and an IAM role that CloudWatch Events can assume to call ecs:RunTask.
You need two rules – one for the PUT operation and another for the DELETE operation – each with its own task count. Note that an ECS task target can only start tasks; it cannot stop running ones, so the DELETE rule does not reduce a service's desired count.
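As an added example (not from the original notes or from AWS) covering both the rule description and the steps above: the two event patterns and ECS task targets in the shape the PutRule and PutTargets APIs take, plus a minimal implementation of the EventBridge matching rules so the patterns can be checked offline against constructed CloudTrail S3 events. Bucket, cluster, task definition and role ARNs are placeholders, and the task counts (3 per upload, 1 per delete) are arbitrary.

```python
# Placeholder names and ARNs, assumed for this example.
BUCKET = "my-upload-bucket"
CLUSTER_ARN = "arn:aws:ecs:us-east-1:123456789012:cluster/workers"
TASK_DEF_ARN = "arn:aws:ecs:us-east-1:123456789012:task-definition/file-worker:7"
# Role CloudWatch Events assumes to call ecs:RunTask; it must trust events.amazonaws.com.
EVENTS_ROLE_ARN = "arn:aws:iam::123456789012:role/ecsEventsRole"

# CloudTrail records a large multipart upload as CompleteMultipartUpload, not PutObject,
# and the console and batch APIs delete with DeleteObjects, so each rule lists both names.
PUT_EVENTS = ("PutObject", "CompleteMultipartUpload")
DELETE_EVENTS = ("DeleteObject", "DeleteObjects")


def s3_object_pattern(bucket, event_names):
    """Event pattern for object-level S3 calls on one bucket. These arrive only through
    CloudTrail, hence source aws.s3 and detail-type 'AWS API Call via CloudTrail'."""
    return {
        "source": ["aws.s3"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {
            "eventSource": ["s3.amazonaws.com"],
            "eventName": list(event_names),
            "requestParameters": {"bucketName": [bucket]},
        },
    }


def ecs_task_target(target_id, task_count):
    """Target entry in the shape PutTargets expects for an 'ECS task' target."""
    return {
        "Id": target_id,
        "Arn": CLUSTER_ARN,
        "RoleArn": EVENTS_ROLE_ARN,
        "EcsParameters": {"TaskDefinitionArn": TASK_DEF_ARN, "TaskCount": task_count},
    }


# Two rules: PUT runs three workers per upload, DELETE runs a single clean-up task.
RULES = {
    "s3-put-run-workers": (s3_object_pattern(BUCKET, PUT_EVENTS), ecs_task_target("run-workers", 3)),
    "s3-delete-run-cleanup": (s3_object_pattern(BUCKET, DELETE_EVENTS), ecs_task_target("run-cleanup", 1)),
}


def matches(pattern, event):
    """Subset of the EventBridge matching rules: every key in the pattern must be present
    in the event; a list means 'the value is one of these' and a dict recurses. The
    prefix, numeric and anything-but matchers are not implemented."""
    for key, want in pattern.items():
        if key not in event:
            return False
        have = event[key]
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        elif have not in want:
            return False
    return True


def cloudtrail_s3_event(event_name, bucket, key="uploads/report.csv"):
    """Constructed sample of the envelope CloudWatch Events delivers for a CloudTrail S3
    data event; only the fields the patterns above look at are filled in."""
    return {
        "version": "0",
        "source": "aws.s3",
        "detail-type": "AWS API Call via CloudTrail",
        "region": "us-east-1",
        "detail": {
            "eventSource": "s3.amazonaws.com",
            "eventName": event_name,
            "requestParameters": {"bucketName": bucket, "key": key},
        },
    }


def tasks_to_run(event):
    """Total number of tasks the rule set would launch for one event (0 if no rule fires)."""
    return sum(target["EcsParameters"]["TaskCount"]
               for pattern, target in RULES.values() if matches(pattern, event))


if __name__ == "__main__":
    for name in ("PutObject", "CompleteMultipartUpload", "DeleteObject", "GetObject"):
        print(name, "->", tasks_to_run(cloudtrail_s3_event(name, BUCKET)), "task(s)")
```

Each pattern and target pair would be registered with `aws events put-rule --event-pattern` and `aws events put-targets`. Two things to check before relying on it: a trail must be logging S3 data events for the bucket or nothing is ever delivered, and the rule launches the configured task count for every matching event, so a burst of a thousand uploads starts three thousand tasks unless the worker drains a queue instead of handling one object per task.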